How do I connect a Cisco ASA 5505 to a Draytek Vigor 2955 via IPsec?

smea0l

Oct 15, 2012
We're having problems connecting our Cisco ASA 5505 to a Draytek Vigor 2955 (which is in production) via IPsec, LAN-to-LAN/Site-to-Site. I followed the guide in this PDF document:

http://www.draytek.com/.upload/pdffiles/8ee31fd09092dac8dfd6980661f5c09c.pdf

The software versions of the devices used in the guide seem to be older than the ones we're using. The Draytek is running version v3.3.0 and the ASA is on ASA version 8.4(2), meaning the settings that need to be set look different in the versions we use compared to the ones in the guide. I'm using ASDM (version 6.4(5)) to administer the ASA. Anyone out there with a clue on what might help?

Help is truly appreciated! Thanks in advance,
S
 

john-b691

Sep 29, 2012
Too many options to guess why this would not work. Most people who use Cisco firewalls configure them from line mode and not a GUI, so I cannot be sure what this screen is actually generating. One common thing that causes issues is Cisco's concept of interesting traffic. Most other vendors do not support this the same way, and Cisco uses it as part of the negotiation.

The best way to find your problem is to turn on the debugs on the Cisco and watch the communication and see how far in the process it gets. You will get clear messages about the phase 1 and phase 2 proposals. There is more than likely some form of mismatch you will need to correct.
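
The checks suggested in the reply above, written out as ASA 8.4 CLI commands. This is an added example, not configuration from either poster or from the Draytek guide. The peer address 203.0.113.2, the subnets 192.168.1.0/24 (ASA side) and 192.168.2.0/24 (Vigor side), the names VPN-TO-VIGOR, ESP-AES-SHA and outside_map, and the AES/SHA/group 2 choices are assumptions to replace with your own values.

```cisco
! Assumed values throughout: peer 203.0.113.2, local LAN 192.168.1.0/24,
! remote LAN 192.168.2.0/24. Replace with the real addressing.

! Phase 1 (IKEv1): encryption, hash, DH group and lifetime must each match
! what the Vigor proposes for its IKE phase 1.
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 enable outside

tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 ikev1 pre-shared-key <shared-secret>

! Phase 2 (IPsec): the transform set must match the Vigor's phase 2 proposal.
crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes esp-sha-hmac

! Interesting traffic: this crypto ACL is sent to the peer as the proxy
! identities during phase 2. It must be the exact mirror of the Vigor's
! local/remote network settings (same subnets, same masks, sides swapped).
access-list VPN-TO-VIGOR extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

crypto map outside_map 10 match address VPN-TO-VIGOR
crypto map outside_map 10 set peer 203.0.113.2
crypto map outside_map 10 set ikev1 transform-set ESP-AES-SHA
crypto map outside_map interface outside

! Troubleshooting: turn on the debugs, then generate traffic that matches
! the crypto ACL so the ASA starts negotiating.
debug crypto ikev1 127
debug crypto ipsec 127
packet-tracer input inside icmp 192.168.1.10 8 0 192.168.2.10

! See how far the negotiation got.
! No phase 1 SA listed: look for a policy or pre-shared key mismatch.
show crypto ikev1 sa
! Phase 1 up but no IPsec SA: look for a transform set or crypto ACL mismatch.
show crypto ipsec sa

! Turn the debugs off when done.
undebug all
```

The debug output contains the pre-shared-key negotiation details and internal addressing, so capture it only in a session you control and disable it once the mismatch is found.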